Only accepting e-mail from known parties

Dr. Dimitri Vulis dlv at bwalk.dm.com
Mon Dec 25 18:21:59 PST 1995


Adam Shostack <adam at homeport.org> writes:
> 	It would seem that only accepting signed mail, and caching the
> hash of the signed part would work pretty well, and also not require

Keeping a hash of the signed part sounds like an excellent defense from the
attack of recycled messages. "Your mail blah blah is being returned to you
because it appears to be similar to the e-mail you send on dd/mm/yy". Cool.

> anything (other than a signature) from the remote end.  The cost of a
> spam is the time to generate a new key pair.  (You probably need some
> way to add new keys, for people to be able to say 'I'd like to talk to
> you.')

When thinking of a protocol, it's useful to consider what do we do in "real
life" to reach an important person: Either ask a common acquiantance to
introduce you, or go through a secretary.

Say, Alice wants to send e-mail to Bob who doesn't accept e-mail to strangers.
Alce may learn that Bob accepts Carol's e-mail, and ask Carol to forward
Alice's e-mail to Bob (with Carol's signature).

An interesting idea would be for Bob (together with other people) to pay some
David to screen their e-mail received from strangers (manually, or with the
help of some programs) and to decide whether to pass them on to Bob or to
discard it. E-mail from known senders goes straight to Bob, and e-mail from
strangers goes to David the screener. Not unlike "real life".

---

Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps






More information about the cypherpunks-legacy mailing list